Financial institutions continue to make account access more convenient for their customers by adding more paths of interaction to perform account transactions. But as each new method of transacting business opens, additional potential security threats appear.

Even before the advent of the internet and e-commerce, criminals have continuously developed new and more ingenious ways of defrauding credit card owners.  By the end of 2006, the cost of credit card fraud in the United States amounted to seven cents per $100 worth of transactions – this amounts to billions of dollars over a 12-month period, and the problem is continuing to expand across different communication channels.

Credit card fraud takes a number of different forms. Some of the most common include:

• Identity Theft – This happens when someone either opens a credit card account by impersonating someone else (application fraud) or takes over an existing account through similar means (account takeover).
• Skimming – Skimming happens when criminals use a small electronic device to clone credit card information.
• Hacking – Computers without firewall protection are especially vulnerable to these attacks.
• Phishing – This usually refers to the practice of sending out emails impersonating financial companies.

To track down such potential fraudulent activity, many businesses take a manual approach by using highly skilled investigators to perform the detective work. And while these investigations might ultimately identify suspicious activities and even perpetrators, the fraudulent acts are typically discovered after a monetary transaction has already occurred.

Because contact centers represent a nexus where card application, activation, processing and servicing—and related fraudulent activity—occur, these centers are in a unique position, aided by the right technology, to help identify and prevent fraud—possibly even before it occurs.

And in today’s multi-channel, social landscape, fraud detection should be implemented across channels including IVR systems, websites, POS, ATMs, and every other point of communication in the chain.

Fraud detection systems, enabled by a rules-based pattern analysis engine, can identify ‘abnormal’ activity on a customer account, such as unusually large transactions or transactions originating from outside the US.  Simple detection applications will inspect activity on individual accounts while a more sophisticated fraud detection system can search for commonalities across all accounts, and all communications channels—in real-time—to more quickly and accurately identify the source of probe or compromise (i.e. the fraudster’s phone, PC, or IP address among other possibilities).

Fraudulent users most often attack the weakest link and cross-leverage information to attack other areas. But the establishment of suspect fraud indicators (Social Security Number, Name, Emails, Addresses, etc.) coupled with identifying potentially suspect accounts is another way to prevent fraud and help combat it before actual theft occurs. The investigation of suspect fraud indicators, and the continual update of their status and results internally, allows for the identification of additional indicators and the clearance of others.

An important feature for a fraud detection system is a case management utility. With a centralized repository of notes, indicators, records and other information about monitored activity, case managers can more effectively and efficiently monitor suspicious activity.

The combination of case management tools for investigators and the automated identification of suspicious activity by rules-based, pattern analysis systems represents the vanguard of fraud prevention and detection from within the contact center.

Customers must also be aware of fraud, and can usually only access their own data with a password, or a combination of a username and a password.  If an attempt is made to access customer data with an invalid password, the system will normally require the customer to answer a number of pre-set security questions to make sure that he or she is indeed the account holder.

As a final security measure, call centers should regularly carry out what is called ‘penetration testing’ in the industry—this is an internal security test to determine security system effectiveness.